The upcoming World Conference on Disaster Management in Toronto will showcase all the usual suspects: floods, tornadoes, riots and other havoc-wreakers from the oeuvre of Michael Bay. But this year, crisis experts will also plumb "survival" techniques for a catastrophe that, despite its old-school powers of Biblical destruction, is thoroughly modern in nature.

They call it a cyberstorm.

Though 2011 was a banner year for computer crime, with high-profile attacks on corporations, government and citizens alike, Canadian security experts predict the worst is yet to come. And as with a natural disaster, being prepared for the worst is less about prevention, they say, than having a plan in place to minimize damage after the strike — which they believe is inevitable.

"Everyone is going to get hacked," says Robert Beggs, CEO of Digital Defence in Burlington, Ont. "You put a computer on the Internet and within 25 minutes, someone will compromise it unless there's a firewall or some kind of anti-virus."

These kinds of opportunistic attacks are common, and typically automated. Beggs notes that even if the compromised computer has little of value on it, hacking tools can ultimately weaponize it against other computers without the user's knowledge.

The bigger, and certainly costlier, concern is the recent rise in targeted attacks: hackers training their sights on a particular business for a specific reason.

Beggs reports that hospital medical records are being stealthily accessed by pharmaceutical and medical supply companies for direct-marketing purposes. A rival company secretly placed a keystroke-logger onto a computer belonging to one of Beggs' clients for the purpose of underbidding on lucrative construction contracts. Notoriously, former Canadian telecom giant Nortel — which filed for bankruptcy in 2009 — was unknowingly compromised for nearly a decade, with hackers having continued access to the company's internal documents via remotely installed spyware.

"Up to 40 per cent of most businesses have probably been compromised and don't know it," says Beggs, a featured speaker at the June conference. "Based on experience with our clients, the average recovery cost is going to be approximately $80,000 to $100,000 for a computer intrusion, and that does not include notification of people who've been affected, liability, or future loss should the event become public knowledge."

Part of the problem is that these things are so hard to trace. Indeed, fully a year after the robocalls scandal — which saw primarily non-Conservative voters redirected from their polling stations — Elections Canada has yet to finger the perpetrator, who used an untraceable email account and proxy server to shield his IP address.

For most Canadians, the issue is growing vulnerability. A recent computer security report by HP found that of all known security issues detected in 2011, roughly a quarter were considered "high risk," compared to just seven per cent in 2006.

Experts say due diligence is vital: not only the work of identifying network weaknesses but also having a plan in place for a rapid and effective response to a potential incident. Hacker collectives such as Anonymous, for instance, often will infiltrate or shut down a corporate website simply because they don't like the way the company does business.

"They'll attack you as a political message," says Beggs. "And the only businesses that will survive are the ones who prepare in advance."

Of course, industry insiders have a stake in stoking paranoia. But David Skillicorn, a professor in the school of computing at Queen's University in Kingston, Ont., says it's almost impossible to overstate the problem.

"Things are not good and we have no silver bullet," says Skillicorn, a noted expert on computer security. "People should try as much as they can to keep up with anti-virus updates and malware-detecting systems. But in the end, it's much like colds and flu: you try not to get sick, but it's going to happen."
